[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
Re: Permissions on UU tables
- To: uu@total-knowledge.com
- Subject: Re: Permissions on UU tables
- From: Alexey Parshin <alexeyp@gmail.com>
- Date: Tue, 23 Mar 2010 07:30:48 +1100
- Delivered-to: mailing list uu@total-knowledge.com
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:content-type; bh=2gEDJsbPkX68wBKjBqBHuRmF6IGXM/cL7o3TmDi8BXo=; b=pZje+BCKZrAVjYGvY8YooTnp4gvcAEYtzB/1vVIO5IDUDNI+aE6cvibNqKiZPo+t3x PJgdYX6RGebUfDSbC4tqzBRqgpM0MeQksTIzJCn2u6r5B5oUkDAZwgJp4CcN2EZ6FP7/ byLHWO/rdyOngZ2p+XoLALHjca+qnobWKE6U8=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=pXvbGuqUzkHBCnFq2cL7YqMcsyqfwgtKM/+TzVag8UrT8NT6XUD89HAY7S0JCwkb++ RTix3rfYwj83uV97Eiej8CZuX2Zv+XJ3UZvZcGBs218V83hs+wP0i95uzA4OHXQUCptM hvktsAyMedl7g5lucPpNXmC0EE36kTqb9KoLs=
- In-reply-to: <4BA79ED9.40005@total-knowledge.com>
- Mailing-list: contact uu-help@total-knowledge.com; run by ezmlm
- References: <4BA79ED9.40005@total-knowledge.com>
The idea is pretty simple. Most of the tables (if not all) are created with
no access for regular user. All the stored procedures are created as
SECURITY DEFINER. Such stored procedures have the access rights to the
database same as the procedure creator. Permissions are checked with the UU
function can_access() or has_access() - I don't remember the exact name. If
the access isn't granted, this function raises the exception. If the access
is granted, it does nothing. The can_access() function uses user data from
the temporary table, created during the execution of the login().
On 23 March 2010 03:46, Ilya A. Volynets-Evenbakh
<ilya@total-knowledge.com>wrote:
> I just recreated my local database from scratch, using
> and am using non-superuser account to connect to it from UU.
>
> I am getting access denied errors from various functions on
> various tables.
>
> How is this supposed to be handled? I vaguely remember
> that all procedures should have access to relevant tables,
> but user himself should not. How does it work? Where is it
> set up?
>
> --
> Ilya A. Volynets-Evenbakh
> http://www.total-knowledge.com
>
>
--
Alexey Parshin,
http://www.sptk.net